Abstract. Publishing private data on external servers incurs the problem of how to avoid unwanted disclosure of confidential data. We study a problem of confidentiality in extended disjunctive logic programs and show how it can be solved by extended abduction. In particular, we analyze how credulous non-monotonic reasoning affects confidentiality.
1 Introduction

Confidentiality of data (also called privacy or secrecy in some contexts) is a major security goal. Releasing data to a querying user without disclosing confidential information has long been investigated in areas like access control, k-anonymity, inference control, and data fragmentation. Such approaches prevent disclosure according to some security policy by restricting data access (denial, refusal), by modifying some data (perturbation, noise addition, cover stories, lying, weakening), or by breaking sensitive associations (fragmentation). Several approaches (like [3,8,13,14,2,15]) employ logic-based mechanisms to ensure data confidentiality. In particular, [5] use brave reasoning in default logic theories to solve a privacy problem in a classical database (a set of ground facts). For a non-classical knowledge base (where negation as failure not is allowed) [16] study correctness of access rights. Confidentiality of predicates in collaborative multi-agent abduction is a topic in [10].

In this article we analyze confidentiality-preserving data publishing in a knowledge base setting: data as well as integrity constraints or deduction rules are represented as logical formulas. If such a knowledge base is released to the public for general querying (e.g., microcensus data) or outsourced to a storage provider (e.g., database-as-a-service in cloud computing), confidential data could be disclosed. We assume that users accessing the published knowledge base use a form of credulous (also called brave) reasoning to retrieve data from it; users also possess some invariant "a priori knowledge" that can be applied to these data to deduce further information. On the knowledge base side, a confidentiality policy specifies which is the confidential information that must never be disclosed. This paper is one of only few papers (see [11,16,10]) covering confidentiality for logic programs. This formalism however has relevance in multi-agent communications where agent knowledge is modeled by logic programs. With extended abduction ([12]) we obtain a "secure version" of the knowledge base that can safely be published even when a priori knowledge is applied. We show that computing the secure version for a credulous user corresponds to finding a skeptical anti-explanation for all the elements of the confidentiality policy. Extended abduction has been used in different applications like for example providing a logical framework for dishonest reasoning [11]. It can be solved by computing the answer sets of an update program (see [12]): thus an implementation of extended abduction can profit from current answer set programming (ASP) solvers. To retrieve the confidentiality-preserving knowledge base $K^{pub}$ from the input knowledge base K, the a priori knowledge prior and the confidentiality policy policy, a series of transformations is applied; the overall approach is depicted in Figure 1. In sum, this paper makes the following contributions:
In sum, this paper makes the following contributions: 

— it formalizes confidentiality-preserving data publishing for a user who retrieves data under 
a credulous query response semantics. 

— it devises a procedure to securely publish a logic program (with an expressiveness up to 
extended disjunctive logic programs) respecting a subset-minimal change semantics. 

— it shows that confidentiality-preservation for credulous users corresponds to finding a 
skeptical anti-explanation and can be solved by extended abduction. 

In the remainder of this article, Section 2 provides background on extended disjunctive logic programs and answer set semantics; Section 3 defines the problem of confidentiality in data publishing; Section 4 recalls extended abduction and update programs; Section 5 shows how answer sets of update programs correspond to confidentiality-preserving knowledge bases; and Section 6 gives some discussion and concluding remarks.

2 EDPs and answer set semantics 

In this article, a knowledge base K is represented by an extended disjunctive logic program (EDP), a set of formulas called rules of the form:

$L_1; \ldots; L_l \leftarrow L_{l+1}, \ldots, L_m, not\, L_{m+1}, \ldots, not\, L_n \qquad (n \ge m \ge l \ge 0)$

A rule contains literals $L_i$, disjunction ";", conjunction ",", negation as failure "not", and material implication "$\leftarrow$". A literal is a first-order atom or an atom preceded by classical negation "$\neg$". $not\, L$ is called a NAF-literal. The disjunction left of the implication $\leftarrow$ is called the head, while the conjunction right of $\leftarrow$ is called the body of the rule. For a rule R, we write head(R) to denote the set of literals $\{L_1, \ldots, L_l\}$ and body(R) to denote the set of (NAF-)literals $\{L_{l+1}, \ldots, L_m, not\, L_{m+1}, \ldots, not\, L_n\}$. Rules consisting only of a singleton head $L \leftarrow$ are identified with the literal L and used interchangeably. An EDP is ground if it contains no variables. If an EDP contains variables, it is identified with the set of its ground instantiations: the elements of its Herbrand universe are substituted in for the variables in all possible ways. We assume that the language contains no function symbol, so that each rule with variables represents a finite set of ground rules. For a program K, we denote by $\mathcal{L}_K$ the set of ground literals in the language of K. Note that EDPs offer a high expressiveness including disjunctive and non-monotonic reasoning.

Fig. 1. Finding a confidentiality-preserving $K^{pub}$ for a credulous user

Example 1. In a medical knowledge base Ill(x, y) states that a patient x is ill with disease y; Treat(x, y) states that x is treated with medicine y. Assume that if you read the record and find that one treatment (Medi1) is recorded and another one (Medi2) is not recorded, then you know that the patient is at least ill with Aids or Flu (and possibly has other illnesses). The knowledge base

$K = \{\, Ill(x, Aids); Ill(x, Flu) \leftarrow Treat(x, Medi1), not\, Treat(x, Medi2),\ \ Ill(Mary, Aids),\ \ Treat(Pete, Medi1) \,\}$

serves as a running example.

The semantics of K can be given by the answer set semantics [7]: A set $S \subseteq \mathcal{L}_K$ of ground literals satisfies a ground literal L if $L \in S$; S satisfies a conjunction if it satisfies every conjunct; S satisfies a disjunction if it satisfies at least one disjunct; S satisfies a ground rule if whenever the body literals are contained in S ($\{L_{l+1}, \ldots, L_m\} \subseteq S$) and all NAF-literals are not contained in S ($\{L_{m+1}, \ldots, L_n\} \cap S = \emptyset$), then at least one head literal is contained in S ($L_i \in S$ for an i such that $1 \le i \le l$). If an EDP K contains no NAF-literals (m = n), then such a set S is an answer set of K if S is a subset-minimal set such that

1. S satisfies every rule from the ground instantiation of K,

2. If S contains a pair of complementary literals L and $\neg L$, then $S = \mathcal{L}_K$.

This definition of an answer set can be extended to full EDPs (containing NAF-literals) as in [12]: For an EDP K and a set of ground literals $S \subseteq \mathcal{L}_K$, K can be transformed into a NAF-free program as follows. For every ground rule from the ground instantiation of K (with respect to its Herbrand universe), the rule $L_1; \ldots; L_l \leftarrow L_{l+1}, \ldots, L_m$ is in the transformed program if $\{L_{m+1}, \ldots, L_n\} \cap S = \emptyset$. Then, S is an answer set of K if S is an answer set of the transformed program. An answer set is consistent if it is not $\mathcal{L}_K$. A program K is consistent if it has a consistent answer set; otherwise K is inconsistent.

Example 2. The example K has the following two consistent answer sets

$S_1 = \{Ill(Mary, Aids), Treat(Pete, Medi1), Ill(Pete, Aids)\}$
$S_2 = \{Ill(Mary, Aids), Treat(Pete, Medi1), Ill(Pete, Flu)\}$

When adding the negative fact $\neg Ill(Pete, Flu)$ to K, then there is just one consistent answer set left: for $K' := K \cup \{\neg Ill(Pete, Flu)\}$ the unique answer set is

$S' = \{Ill(Mary, Aids), \neg Ill(Pete, Flu), Treat(Pete, Medi1), Ill(Pete, Aids)\}$.

If a rule R is satisfied in every answer set of K, we write $K \models R$. In particular, $K \models L$ if a literal L is included in every answer set of K.



3 Confidentiality-Preserving Knowledge Bases 



When publishing a knowledge base K while preserving confidentiality of some data in K we do this according to

— the query response semantics that a user querying the published knowledge base applies; we focus on credulous query response semantics

— a confidentiality policy (denoted policy) describing confidential information that should not be released to the public

— background (a priori) knowledge (denoted prior) that a user can combine with query responses from the published knowledge base

First we define the credulous query response semantics: a ground formula Q is true in K if Q is satisfied in some answer set of K; that is, there might be answer sets that do not satisfy Q. If a rule Q is non-ground and contains some free variables, the credulous response of K is the set of ground instantiations of Q that are true in K.

Definition 1 (Credulous query response semantics). Let U be the Herbrand universe of a consistent knowledge base K. The credulous query responses of formula Q(X) (with a vector X of free variables) in K are

$cred(K, Q(X)) = \{\, Q(A) \mid A \text{ is a vector of elements } a \in U \text{ and there is an answer set of } K \text{ that satisfies } Q(A) \,\}$

In particular, for a ground formula Q,

$cred(K, Q) = \begin{cases} Q & \text{if } K \text{ has an answer set that satisfies } Q \\ \emptyset & \text{otherwise} \end{cases}$


It is usually assumed that in addition to the query responses a user has some additional knowledge that he can apply to the query responses. Hence, we additionally assume given a set of rules as some invariant a priori knowledge prior. Without loss of generality we assume that prior is an EDP. Thus, the a priori knowledge may consist of additional facts that the user assumes to hold in K, or some rules that the user can apply to data in K to deduce new information.

A confidentiality policy policy specifies confidential information. We assume that policy contains only conjunctions of (NAF-)literals. However, see Section 5.1 for a brief discussion on how to use more expressive policy formulas. We do not only have to avoid that the published knowledge base contains confidential information but also prevent the user from deducing confidential information with the help of his a priori knowledge; this is known as the inference problem [6,2].

Example 3. If we wish to declare the disease Aids as confidential for any patient x we can do this with $policy = \{Ill(x, Aids)\}$. A user querying $K^{pub}$ might know that a person suffering from flu is not able to work. Hence $prior = \{\neg AbleToWork(x) \leftarrow Ill(x, Flu)\}$. If we wish to also declare a lack of work ability as confidential, we can add this to the confidentiality policy: $policy' = \{Ill(x, Aids), \neg AbleToWork(x)\}$.

Next, we establish a definition of confidentiality-preservation that allows for the answer set 
semantics as an inference mechanism and respects the credulous query response semantics: 
when treating elements of the confidentiality policy as queries, the credulous responses must 
be empty. 



Definition 2 (Confidentiality-preservation for credulous user). A knowledge base $K^{pub}$ preserves confidentiality of a given confidentiality policy under the credulous query response semantics and with respect to a given a priori knowledge prior, if for every conjunction C(X) in the policy, the credulous query responses of C(X) in $K^{pub} \cup prior$ are empty: $cred(K^{pub} \cup prior, C(X)) = \emptyset$.

Note that in this definition the Herbrand universe of $K^{pub} \cup prior$ is applied in the query response semantics; hence, free variables in policy elements C(X) are instantiated according to this universe. Note also that $K^{pub} \cup prior$ must be consistent. Confidentiality-preservation for skeptical query response semantics is a topic of future work.

A goal secondary to confidentiality-preservation is minimal change: We want to publish as many data as possible and want to modify these data as little as possible. Different notions of minimal change are used in the literature (see for example the collection of minimal change semantics in a data integration setting). We apply a subset-minimal change semantics: we choose a $K^{pub}$ that differs from K only subset-minimally. In other words, there is no other confidentiality-preserving knowledge base $K^{pub\prime}$ which inserts (or deletes) fewer rules into (from) K than $K^{pub}$.

Definition 3 (Subset-minimal change). A confidentiality-preserving knowledge base $K^{pub}$ subset-minimally changes K (or is minimal, for short) if there is no confidentiality-preserving knowledge base $K^{pub\prime}$ such that $((K \setminus K^{pub\prime}) \cup (K^{pub\prime} \setminus K)) \subset ((K \setminus K^{pub}) \cup (K^{pub} \setminus K))$.

Example 4. For the example K and policy and no a priori knowledge, the fact Ill(Mary, Aids) has to be deleted. But also Ill(Pete, Aids) can be deduced credulously, because it is satisfied by answer set $S_1$. In order to avoid this, we have three options: delete Treat(Pete, Medi1), delete the non-literal rule in K or insert Treat(Pete, Medi2). The same solutions are found for K, policy' and prior: they block the credulous deduction of $\neg AbleToWork(Pete)$. The same applies to K' and policy.
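The answer set semantics of Section 2, the credulous query responses of Definition 1 and the confidentiality check of Definition 2, worked through on the running example as an added illustration (Python; this is not code from the paper). A brute-force solver enumerates candidate literal sets, builds the NAF-free transformed program for each candidate, and keeps the subset-minimal admissible ones; on top of it, cred and the check of Definition 2 reproduce Examples 2 to 4. The tuple encoding of rules, the "¬" prefix for classical negation, the "{x}" templates for policy conjunctions and the hand-grounding of the only non-ground rule over the universe {Mary, Pete} are assumptions of this example.

```python
"""Brute-force answer set semantics for a ground EDP, credulous query
responses and the confidentiality check of Definition 2 (added example).
Literals are strings, classical negation is a leading '¬', and a rule is a
tuple (head, body, naf) of literal tuples."""
from itertools import combinations

UNIVERSE = ("Mary", "Pete")      # Herbrand universe of the running example


def rule(head, body=(), naf=()):
    return (tuple(head), tuple(body), tuple(naf))


def k_rules():
    """The running example K; its only non-ground rule is instantiated by hand."""
    rules = [rule(["Ill(Mary,Aids)"]), rule(["Treat(Pete,Medi1)"])]
    for x in UNIVERSE:
        rules.append(rule([f"Ill({x},Aids)", f"Ill({x},Flu)"],
                          [f"Treat({x},Medi1)"], [f"Treat({x},Medi2)"]))
    return rules


# a priori knowledge and the two policies of Example 3 (policy conjunctions are
# tuples of literal templates; a template prefixed 'not ' is a NAF-literal)
PRIOR = [rule([f"¬AbleToWork({x})"], [f"Ill({x},Flu)"]) for x in UNIVERSE]
POLICY = [("Ill({x},Aids)",)]
POLICY2 = [("Ill({x},Aids)",), ("¬AbleToWork({x})",)]


def literals(program):
    """L_K: every ground literal mentioned in the program."""
    return frozenset(l for h, b, n in program for l in h + b + n)


def satisfies(S, head, body):
    """A NAF-free ground rule holds in S unless its body is in S and no head literal is."""
    return not set(body) <= S or any(l in S for l in head)


def consistent(S):
    return not any(("¬" + l) in S for l in S if not l.startswith("¬"))


def admissible(S, reduct, all_lits):
    """Conditions 1 and 2 of the answer set definition for a NAF-free program."""
    return (all(satisfies(S, h, b) for h, b in reduct)
            and (consistent(S) or S == all_lits))


def answer_sets(program):
    """S is an answer set iff S is subset-minimal among the admissible sets of the
    NAF-free program obtained by dropping every rule whose NAF-literals meet S
    and deleting the NAF part of the remaining rules (that program depends on S)."""
    all_lits = literals(program)
    lits = sorted(all_lits)
    result = []
    for k in range(len(lits) + 1):
        for combo in combinations(lits, k):
            S = frozenset(combo)
            reduct = [(h, b) for h, b, n in program if not set(n) & S]
            if not admissible(S, reduct, all_lits):
                continue
            sub = sorted(S)
            if all(not admissible(frozenset(t), reduct, all_lits)
                   for j in range(len(S)) for t in combinations(sub, j)):
                result.append(S)
    return result


def cred(program, conjunction, universe=UNIVERSE):
    """cred(K, Q(x)) for a conjunction with one free variable x: returns the
    constants a such that some answer set satisfies the instantiation Q(a)."""
    sets = answer_sets(program)
    responses = set()
    for a in universe:
        pos = {t.format(x=a) for t in conjunction if not t.startswith("not ")}
        naf = {t[4:].format(x=a) for t in conjunction if t.startswith("not ")}
        if any(pos <= S and not naf & S for S in sets):
            responses.add(a)
    return responses


def preserves_confidentiality(kpub, prior, policy):
    """Definition 2: kpub ∪ prior is consistent and every policy conjunction
    has an empty credulous response in it."""
    program = kpub + prior
    if not any(consistent(S) for S in answer_sets(program)):
        return False
    return all(not cred(program, c) for c in policy)


if __name__ == "__main__":
    K = k_rules()
    print("answer sets of K:", [sorted(S) for S in answer_sets(K)])
    print("cred(K, Ill(x,Aids)) =", cred(K, POLICY[0]))
    kpub = [r for r in K if r not in (rule(["Ill(Mary,Aids)"]), rule(["Treat(Pete,Medi1)"]))]
    print("K without the two facts preserves policy':",
          preserves_confidentiality(kpub, PRIOR, POLICY2))
```

The enumeration is exponential in the number of ground literals, which is fine for the eleven literals of the running example but is of course not how an ASP solver works; the point is that every step of the definitions (transformation, minimality, credulous response) is visible and checkable.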

In the following sections we obtain a minimal solution $K^{pub}$ for a given input K, prior and policy by transforming the input into a problem of extended abduction and solving it with an appropriate update program.

4 Extended Abduction 

Traditionally, given a knowledge base K and an observation formula O, abduction finds a "(positive) explanation" E (a set of hypothesis formulas) such that every answer set of the knowledge base and the explanation together satisfy the observation; that is, $K \cup E \models O$. Going beyond that, [9,12] use extended abduction with the notions of "negative observations", "negative explanations" F and "anti-explanations". An abduction problem in general can be restricted by specifying a designated set A of abducibles. This set poses syntactical restrictions on the explanation sets E and F. In particular, positive explanations are characterized by $E \subseteq A \setminus K$ and negative explanations by $F \subseteq K \cap A$. If A contains a formula with variables, it is meant as a shorthand for all ground instantiations of the formula. In this sense, an EDP K accompanied by an EDP A is called an abductive program written as (K, A). The aim of extended abduction is then to find (anti-)explanations as follows (where in this article only skeptical (anti-)explanations are needed):



— given a positive observation O, find a pair (E, F) where E is a positive explanation and F is a negative explanation such that

1. [skeptical explanation] O is satisfied in every answer set of $(K \setminus F) \cup E$; that is, $(K \setminus F) \cup E \models O$

2. [consistency] $(K \setminus F) \cup E$ is consistent

3. [abducibility] $E \subseteq A \setminus K$ and $F \subseteq A \cap K$

— given a negative observation O, find a pair (E, F) where E is a positive anti-explanation and F is a negative anti-explanation such that

1. [skeptical anti-explanation] there is no answer set of $(K \setminus F) \cup E$ in which O is satisfied

2. [consistency] $(K \setminus F) \cup E$ is consistent

3. [abducibility] $E \subseteq A \setminus K$ and $F \subseteq A \cap K$

Among (anti-)explanations, minimal (anti-)explanations characterize a subset-minimal alteration of the program K: an (anti-)explanation (E, F) of an observation O is called minimal if for any (anti-)explanation (E', F') of O, $E' \subseteq E$ and $F' \subseteq F$ imply $E' = E$ and $F' = F$.

For an abductive program (K, A) both K and A are semantically identified with their ground instantiations with respect to the Herbrand universe, so that set operations over them are defined on the ground instances. Thus, when (E, F) contain formulas with variables, $(K \setminus F) \cup E$ means deleting every instance of formulas in F from K, and inserting any instance of formulas in E into K. When E contains formulas with variables, the set inclusion $E' \subseteq E$ is defined for any set E' of instances of formulas in E. Generally, given sets S and T of literals/rules containing variables, any set operation $\circ$ is defined as $S \circ T = inst(S) \circ inst(T)$ where inst(S) is the ground instantiation of S. For example, when $p(x) \in T$, for any constant a occurring in T, it holds that $\{p(a)\} \subseteq T$, $\{p(a)\} \setminus T = \emptyset$, and $T \setminus \{p(a)\} = (T \setminus \{p(x)\}) \cup \{p(y) \mid y \neq a\}$, etc. Moreover, any literal/rule in a set is identified with its variants modulo variable renaming.



4.1 Normal form 

Although extended abduction can handle the very general format of EDPs, some syntactic transformations are helpful. We will briefly describe how a semantically equivalent normal form of an abductive program (K, A) is obtained, where both the program K and the set A of abducibles are EDPs. This makes an automatic handling of abductive programs easier; for example, abductive programs in normal form can be easily transformed into update programs as described in Section 4.2. The main step is that rules in A can be mapped to atoms by a naming function n. Let $\mathcal{R}$ be the set of abducible rules:

$\mathcal{R} = \{\, S \leftarrow F \mid (S \leftarrow F) \in A \text{ and } (S \leftarrow F) \text{ is not a literal} \,\}$

Then the normal form $(K^n, A^n)$ is defined as follows where n(R) maps each rule R to a fresh atom with the same free variables as R:

$K^n = (K \setminus \mathcal{R}) \cup \{\, S \leftarrow F, n(R) \mid R = (S \leftarrow F) \in \mathcal{R} \,\} \cup \{\, n(R) \mid R \in K \cap \mathcal{R} \,\}$

$A^n = (A \setminus \mathcal{R}) \cup \{\, n(R) \mid R \in \mathcal{R} \,\}$

We define that any abducible literal L has the name L, i.e., n(L) = L. It has been shown that for any observation O there is a 1-1 correspondence between (anti-)explanations with respect to (K, A) and those with respect to $(K^n, A^n)$. That is, for $n(E) = \{n(R) \mid R \in E\}$ and $n(F) = \{n(R) \mid R \in F\}$: an observation O has a (minimal) skeptical (anti-)explanation (E, F) with respect to (K, A) iff O has a (minimal) skeptical (anti-)explanation (n(E), n(F)) with respect to $(K^n, A^n)$. Hence, insertion (deletion) of a rule's name in the normal form corresponds to insertion (deletion) of the rule in the original program. In sum, with the normal form transformation, any abductive program with abducible rules is reduced to an abductive program with only abducible literals.

Example 5. We transform the example knowledge base K into its normal form based on a set of abducibles that is identical to K: that is A = K; a similar setting will be used in Section 5.2 to achieve deletion of formulas from K. Hence we transform (K, A) into its normal form $(K^n, A^n)$ as follows where we write n(R) for the naming atom of the only rule in A:

$K^n = \{\, Ill(Mary, Aids),\ Treat(Pete, Medi1),\ n(R),\ Ill(x, Aids); Ill(x, Flu) \leftarrow Treat(x, Medi1), not\, Treat(x, Medi2), n(R) \,\}$
$A^n = \{\, Ill(Mary, Aids),\ Treat(Pete, Medi1),\ n(R) \,\}$



4.2 Update programs 

Minimal (anti-)explanations can be computed with update programs (UPs) [12]. The update-minimal (U-minimal) answer sets of a UP describe which rules have to be deleted from the program, and which rules have to be inserted into the program, in order to (un-)explain an observation.

For the given EDP K and a given set of abducibles A, a set of update rules UR is devised that describes how entries of K can be changed. This is done with the following three types of rules.

1. [Abducible rules] The rules for abducible literals state that an abducible is either true in K or not. For each $L \in A$ a new atom $\overline{L}$ is introduced that has the same variables as L. Then the set of abducible rules for each L is defined as

$abd(L) := \{\, L \leftarrow not\, \overline{L},\ \ \overline{L} \leftarrow not\, L \,\}$.

2. [Insertion rules] Abducible literals that are not contained in K might be inserted into K and hence might occur in the set E of the explanation (E, F). For each $L \in A \setminus K$, a new atom +L is introduced and the insertion rule is defined as

$+L \leftarrow L$.

3. [Deletion rules] Abducible literals that are contained in K might be deleted from K and hence might occur in the set F of the explanation (E, F). For each $L \in A \cap K$, a new atom $-L$ is introduced and the deletion rule is defined as

$-L \leftarrow not\, L$.

The update program is then defined by replacing abducible literals in K with the update rules; that is,

$UP = (K \setminus A) \cup UR$.

Example 6. Continuing Example 5, from $(K^n, A^n)$ we obtain

$UP = \{\, abd(Ill(Mary, Aids)),\ abd(Treat(Pete, Medi1)),\ abd(n(R)),$
$\quad -Ill(Mary, Aids) \leftarrow not\, Ill(Mary, Aids),$
$\quad -Treat(Pete, Medi1) \leftarrow not\, Treat(Pete, Medi1),$
$\quad -n(R) \leftarrow not\, n(R),$
$\quad Ill(x, Aids); Ill(x, Flu) \leftarrow Treat(x, Medi1), not\, Treat(x, Medi2), n(R) \,\}$

The set of atoms +L is the set $UA^+$ of positive update atoms; the set of atoms $-L$ is the set $UA^-$ of negative update atoms. The set of update atoms is $UA = UA^+ \cup UA^-$. From all answer sets of an update program UP we can identify those that are update minimal (U-minimal): they contain fewer update atoms than others. Thus, S is U-minimal iff there is no answer set T such that $T \cap UA \subset S \cap UA$.



4.3 Ground observations 

It is shown in [9] how in some situations the observation formulas O can be mapped to new positive ground observations. Non-ground atoms with variables can be mapped to a new ground observation. Several positive observations can be conjoined and mapped to a new ground observation. A negative observation (for which an anti-explanation is sought) can be mapped as a NAF-literal to a new positive observation (for which then an explanation has to be found). Moreover, several negative observations can be mapped as a conjunction of NAF-literals to one new positive observation such that its resulting explanation acts as an anti-explanation for all negative observations together. Hence, in extended abduction it is usually assumed that O is a positive ground observation for which an explanation has to be found. In case of finding a skeptical explanation, an inconsistency check has to be made on the resulting knowledge base. Transformations to a ground observation and inconsistency check will be detailed in Section 5.1 and applied to confidentiality-preservation.



5 Confidentiality-Preservation with UPs 



We now show how to achieve confidentiality-preservation by extended abduction: we define the 
set of abducibles and describe how a confidentiality-preserving knowledge base can be obtained 
by computing U-minimal answer sets of the appropriate update program. We additionally 
distinguish between the case that we allow only deletions of formulas - that is, in the anti- 
explanation {E, F) the set E of positive anti-explanation formulas is empty - and the case 
that we also allow insertions. 



5.1 Policy transformation for credulous users 

Elements of the confidentiality policy will be treated as negative observations for which an anti-explanation has to be found. Accordingly, we will transform policy elements to a set of rules containing new positive observations as sketched in Section 4.3. We will call these rules policy transformation rules for credulous users ($PTR^{cred}$).

More formally, assume policy contains k elements. For each conjunction $C_i \in policy$ (i = 1 ... k), we introduce a new negative ground observation $O_i^-$ and map $C_i$ to $O_i^-$. As each $C_i$ is a conjunction of (NAF-)literals, the resulting formula is an EDP rule. As a last policy transformation rule, we add one that maps all new negative ground observations $O_i^-$ (in their NAF version) to a positive observation $O^+$. Hence,

$PTR^{cred} := \{\, O_i^- \leftarrow C_i \mid C_i \in policy \,\} \cup \{\, O^+ \leftarrow not\, O_1^-, \ldots, not\, O_k^- \,\}$.

Example 7. The set of policy transformation rules for policy' is

Lastly, we consider a goal rule GR that enforces the single positive observation $O^+$: $GR = \{\, \leftarrow not\, O^+ \,\}$.

We can also allow more expressive policy elements in disjunctive normal form (DNF: a disjunction of conjunctions of (NAF-)literals). If we map a DNF formula to a new observation $O^-$ (that is, $O^- \leftarrow C_1 \vee \ldots \vee C_l$) this is equivalent to mapping each conjunct to the observation (that is, $O^- \leftarrow C_1, \ldots, O^- \leftarrow C_l$). We also semantically justify this splitting into disjuncts by arguing that in order to protect confidentiality of a disjunctive formula we indeed have to protect each disjunct alone. However, if variables are shared among disjuncts, these variables have to be grounded according to the Herbrand universe of $K \cup prior$ first; otherwise the shared semantics of these variables is lost.



5.2 Deletions for credulous users 

As a simplified setting, we first of all assume that only deletions are allowed to achieve confidentiality-preservation. This setting can informally be described as follows: For a given knowledge base K, if we only allow deletions of rules from K, we have to find a skeptical negative explanation F that explains the new positive observation $O^+$ while respecting prior as invariable a priori knowledge. The set of abducibles is thus identical to K as we want to choose formulas from K for deletion: A = K. That is, in total we consider the abductive program (K, A). Then, we transform it into normal form $(K^n, A^n)$, and compute its update program UP as described in Section 4.2. As for prior, we add this set to the update program UP in order to make sure that the resulting answer sets of the update program do not contradict prior. Finally, we add all the policy transformation rules $PTR^{cred}$ and the goal rule GR. The goal rule is then meant as a constraint that filters out those answer sets of $UP \cup prior \cup PTR^{cred}$ in which $O^+$ does not hold. We thus obtain a new program P as

$P = UP \cup prior \cup PTR^{cred} \cup GR$

and compute its U-minimal answer sets. If S is one of these answer sets, the negative explanation F is obtained from the negative update atoms contained in S: $F = \{\, L \mid -L \in S \,\}$.

To obtain a confidentiality-preserving knowledge base for a credulous user, we have to check for inconsistency with the negation of the positive observation (which makes F a skeptical explanation of $O^+$); and allow only answer sets of P that are U-minimal among those respecting this inconsistency property. More precisely, we check whether

$(K \setminus F) \cup prior \cup PTR^{cred} \cup \{\, \leftarrow O^+ \,\}$ is inconsistent. (1)



Example 8. We combine the update program UP of K with prior and the policy transformation rules and goal rule. This leads to the following two U-minimal answer sets with only deletions which satisfy the inconsistency property (1):

$S'_1 = \{\, -Ill(Mary, Aids),\ -Treat(Pete, Medi1),\ n(R),\ \overline{Ill(Mary, Aids)},\ \overline{Treat(Pete, Medi1)},\ O^+ \,\}$
$S'_2 = \{\, -Ill(Mary, Aids),\ Treat(Pete, Medi1),\ -n(R),\ \overline{Ill(Mary, Aids)},\ \overline{n(R)},\ O^+ \,\}$.

These answer sets correspond to the minimal solutions from Example 4 where Ill(Mary, Aids) must be deleted together with either Treat(Pete, Medi1) or the rule named R.
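The syntactic side of the pipeline, as an added example (Python; not code from the paper): the normal form of Section 4.1, the update program of Section 4.2, the policy transformation rules and goal rule of Section 5.1, the assembly of P from Section 5.2, U-minimality among given answer sets, and reading (E, F) off an answer set. Computing the answer sets of P themselves is left to an ASP solver. The tuple encoding of rules, the naming atoms n(R1), n(R2), ..., the "~L" spelling of the bar atom $\overline{L}$ and the "+"/"-" prefixes for update atoms are assumptions of this example; classical negation is written "¬" so it cannot be confused with a deletion atom.

```python
"""Normal form, update program, policy transformation and program P for the
running example (added example, not the paper's code).  A rule is a tuple
(head, body, naf) of literal strings; a literal abducible is the fact ((L,), (), ())."""


def fact(lit):
    return ((lit,), (), ())


def is_literal(rule):
    head, body, naf = rule
    return len(head) == 1 and not body and not naf


def normal_form(K, A):
    """(K^n, A^n): each abducible non-literal rule R gets a fresh naming atom n(R)
    in its body; n(R) becomes a literal abducible and a fact of K^n iff R was in K."""
    names = {R: f"n(R{i})" for i, R in enumerate((R for R in A if not is_literal(R)), 1)}
    Kn = [R for R in K if R not in names]
    Kn += [(h, b + (names[R],), n) for R, (h, b, n) in ((R, R) for R in names)]
    Kn += [fact(names[R]) for R in names if R in K]
    An = [R for R in A if R not in names] + [fact(name) for name in names.values()]
    return Kn, An, names


def update_program(Kn, An):
    """UP = (K^n \\ A^n) ∪ UR: abducible rules for every abducible literal, a deletion
    rule -L <- not L if L is in K^n, otherwise an insertion rule +L <- L."""
    UR = []
    for R in An:
        L = R[0][0]
        UR += [((L,), (), ("~" + L,)), (("~" + L,), (), (L,))]   # abd(L)
        if R in Kn:
            UR.append((("-" + L,), (), (L,)))                     # -L <- not L
        else:
            UR.append((("+" + L,), (L,), ()))                     # +L <- L
    return [R for R in Kn if R not in An] + UR


def policy_transformation(policy):
    """PTR^cred and GR for a policy given as (positive literals, NAF literals) pairs."""
    ptr, negatives = [], []
    for i, (pos, naf) in enumerate(policy, 1):
        negatives.append(f"O{i}-")
        ptr.append(((f"O{i}-",), tuple(pos), tuple(naf)))          # O_i^- <- C_i
    ptr.append((("O+",), (), tuple(negatives)))                     # O+ <- not O_1^-, ...
    return ptr, ((), (), ("O+",))                                   # GR: <- not O+


def build_P(UP, prior, ptr, gr):
    return UP + prior + ptr + [gr]


def update_atoms(S):
    return {a for a in S if a[0] in "+-"}


def u_minimal(answer_sets):
    """Keep the answer sets whose update atoms are not a strict superset of another's."""
    return [S for S in answer_sets
            if not any(update_atoms(T) < update_atoms(S) for T in answer_sets)]


def explanation(S):
    """(E, F) read off an answer set: E = {L | +L in S}, F = {L | -L in S}."""
    return ({a[1:] for a in S if a[0] == "+"}, {a[1:] for a in S if a[0] == "-"})


# the running example, prior and policy' (non-ground, variables stay symbolic)
R = (("Ill(x,Aids)", "Ill(x,Flu)"), ("Treat(x,Medi1)",), ("Treat(x,Medi2)",))
K = [fact("Ill(Mary,Aids)"), fact("Treat(Pete,Medi1)"), R]
PRIOR = [(("¬AbleToWork(x)",), ("Ill(x,Flu)",), ())]
POLICY2 = [(("Ill(x,Aids)",), ()), (("¬AbleToWork(x)",), ())]

if __name__ == "__main__":
    Kn, An, names = normal_form(K, K)           # A = K: deletions only (Section 5.2)
    ptr, gr = policy_transformation(POLICY2)
    for r in build_P(update_program(Kn, An), PRIOR, ptr, gr):
        print(r)
```

With A = K only deletion rules appear, exactly as in Example 6; passing an A that also contains Treat(Pete, Medi2) (the setting of Section 5.3) makes update_program emit the insertion rule of Example 10 instead, because that literal is not a fact of K^n.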

Theorem 1 (Correctness for deletions). A knowledge base $K^{pub} = K \setminus F$ preserves confidentiality and changes K subset-minimally iff F is obtained by an answer set of the program P that is U-minimal among those satisfying the inconsistency property (1).

Proof. (Sketch) First of all note that because we chose K to be the set of abducibles A, only negative update atoms from $UA^-$ occur in UP; no insertions with update atoms from $UA^+$ will be possible. Hence we automatically obtain an anti-explanation (E, F) where E is empty. As shown in [12], there is a 1-1 correspondence of minimal explanations and U-minimal answer sets of update programs; and anti-explanations are identical to explanations of a new positive observation when applying the transformations as in $PTR^{cred}$. By properties of skeptical (anti-)explanations we have thus $K^{pub} \cup prior \cup PTR^{cred} \models O^+$ but for every $O_i^-$ there is no answer set in which $O_i^-$ is satisfied. This holds iff for every policy element $C_i$ there is no answer set of $K^{pub} \cup prior$ that satisfies any instantiation of $C_i$ (with respect to the Herbrand universe of $K^{pub} \cup prior$); thus $cred(K^{pub} \cup prior, C_i) = \emptyset$. Subset-minimal change carries over from U-minimality of answer sets.



5.3 Deletions and literal insertions 

To obtain a confidentiality-preserving knowledge base, (incorrect) entries may also be inserted into the knowledge base. To allow for insertions of literals, a more complex set A of abducibles has to be chosen. We reinforce the point that the subset $A \cap K$ of abducibles that are already contained in the knowledge base K are those that may be deleted while the subset $A \setminus K$ of those abducibles that are not contained in K may be inserted.

First of all, we assume that the policy transformation is applied as described in Section 5.1. Then, starting from the new negative observations $O_i^-$ used in the policy transformation rules, we trace back all rules in $K \cup prior \cup PTR^{cred}$ that influence these new observations and collect all literals in the bodies of these rules. In other words, we construct a dependency graph (as in [16]) and collect the literals that the negative observations depend on. More formally, let $P_0$ be the set of literals that the new observations directly depend on:

$P_0 = \{\, L \mid L \in body(R) \text{ or } not\, L \in body(R) \text{ where } R \in PTR^{cred} \text{ and } O_i^- \in head(R) \,\}$

Next we iterate and collect all the literals that the $P_0$ literals depend on:

$P_{j+1} = \{\, L \mid L \in body(R) \text{ or } not\, L \in body(R) \text{ where } R \in K \cup prior \cup PTR^{cred} \text{ and } head(R) \cap P_j \neq \emptyset \,\}$

and combine all such literals in a set $\mathcal{V} = \bigcup_{j \ge 0} P_j$.

As we also want to have the option to delete rules from K (not only the literals in $\mathcal{V}$), we define the set of abducibles as the set $\mathcal{V}$ plus all those rules in K whose head depends on literals in $\mathcal{V}$:

$A = \mathcal{V} \cup \{\, R \mid R \in K \text{ and } head(R) \cap \mathcal{V} \neq \emptyset \,\}$

Example 9. For the example $K \cup prior \cup PTR^{cred}$, the dependency graph is shown in Figure 2. We note that the new negative observation $O_1^-$ directly depends on the literal Ill(x, Aids) and the new negative observation $O_2^-$ directly depends on the literal $\neg AbleToWork(x)$; this is the first set of literals $P_0 = \{Ill(x, Aids), \neg AbleToWork(x)\}$. By tracing back the dependencies in the graph, $\mathcal{V} = \{Ill(x, Aids), \neg AbleToWork(x), Ill(x, Flu), Treat(x, Medi1), Treat(x, Medi2)\}$ is obtained. Lastly, we also have to add the rule R from K to A because literals in its head are contained in $\mathcal{V}$.







Fig. 2. Dependency graph for literals in $K \cup prior \cup PTR^{cred}$ (nodes: Ill(x, Aids), Treat(x, Medi1), $O_2^-$, $\neg AbleToWork(x)$, Ill(x, Flu), Treat(x, Medi2))
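The dependency-based choice of abducibles of this section, as an added example (Python; not code from the paper): a fixed-point computation of $P_0, P_1, \ldots$ and $\mathcal{V}$ over the rules of $K \cup prior \cup PTR^{cred}$, the rules of K added to A because their heads meet $\mathcal{V}$, and the ground instances of $\mathcal{V}$ over the Herbrand universe, which is where the abducible Treat(Pete, Medi2) of Example 10 comes from. The string encoding of literals, the convention that an argument starting with a lowercase letter (such as x) is a variable, and the use of unification to decide whether a head literal and a $\mathcal{V}$ literal share an instance are assumptions of this example.

```python
"""Dependency closure V, abducibles A and their ground instances for the
example of Section 5.3 (added example, not the paper's code).  Literals are
strings with '¬' for classical negation; rules are (head, body, naf) tuples."""
import re
from itertools import product

LIT = re.compile(r"^([^(]+)(?:\((.*)\))?$")


def parse(lit):
    """'Ill(x,Aids)' -> ('Ill', ('x', 'Aids')); an atom without arguments gets ()."""
    name, args = LIT.match(lit).groups()
    return name, tuple(a.strip() for a in args.split(",")) if args else ()


def is_var(term):
    return term[0].islower()


def unifies(l1, l2):
    """Do two literal patterns have a common ground instance?  Variables of the
    second literal are renamed apart; without function symbols pairwise binding
    of variables is all that is needed."""
    n1, a1 = parse(l1)
    n2, a2 = parse(l2)
    if n1 != n2 or len(a1) != len(a2):
        return False
    a2 = tuple(a + "'" if is_var(a) else a for a in a2)
    subst = {}

    def walk(t):
        while is_var(t) and t in subst:
            t = subst[t]
        return t

    for s, t in zip(a1, a2):
        s, t = walk(s), walk(t)
        if s == t:
            continue
        if is_var(s):
            subst[s] = t
        elif is_var(t):
            subst[t] = s
        else:
            return False
    return True


def dependency_closure(rules, targets):
    """V = P_0 ∪ P_1 ∪ ...: P_0 holds the body literals (plain or under not) of the
    rules with a target in the head, P_{j+1} those of rules whose head meets P_j."""
    V, frontier = set(), set(targets)
    while frontier:
        step = {lit for h, b, n in rules
                if any(unifies(x, y) for x in h for y in frontier)
                for lit in b + n}
        frontier = step - V
        V |= step
    return V


def abducibles(K, prior, ptr, targets):
    """A = V ∪ {R ∈ K | head(R) ∩ V ≠ ∅}; V and the rule part are returned separately
    (facts of K whose head meets V are instances of V literals anyway)."""
    V = dependency_closure(K + prior + ptr, targets)
    rules = [R for R in K if any(unifies(x, y) for x in R[0] for y in V)]
    return V, rules


def ground(lit, universe):
    """All ground instances of a literal pattern over the Herbrand universe."""
    name, args = parse(lit)
    variables = sorted({a for a in args if is_var(a)})
    out = set()
    for values in product(universe, repeat=len(variables)):
        sub = dict(zip(variables, values))
        out.add(f"{name}({','.join(sub.get(a, a) for a in args)})" if args else name)
    return out


# the running example, prior and the policy transformation rules for policy'
R = (("Ill(x,Aids)", "Ill(x,Flu)"), ("Treat(x,Medi1)",), ("Treat(x,Medi2)",))
K = [(("Ill(Mary,Aids)",), (), ()), (("Treat(Pete,Medi1)",), (), ()), R]
PRIOR = [(("¬AbleToWork(x)",), ("Ill(x,Flu)",), ())]
PTR = [(("O1-",), ("Ill(x,Aids)",), ()), (("O2-",), ("¬AbleToWork(x)",), ()),
       (("O+",), (), ("O1-", "O2-"))]
UNIVERSE = ("Mary", "Pete")

if __name__ == "__main__":
    V, rules = abducibles(K, PRIOR, PTR, ["O1-", "O2-"])
    print("V =", sorted(V))
    print("rules added to A:", rules)
    print("ground abducible literals:", sorted(l for v in V for l in ground(v, UNIVERSE)))
```

Running it reproduces Example 9: V is the five literals listed there and the rule R is the only non-literal element of A; grounding V over {Mary, Pete} yields, among others, Treat(Pete, Medi2), which is in A \ K and therefore receives an insertion rule in the update program.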



We obtain the normal form and then the update program UP for K and the new set of abducibles A. The process of finding a skeptical explanation proceeds with finding an answer set of program P as in Section 5.2 where additionally the positive explanation E is obtained as $E = \{\, L \mid +L \in S \,\}$ and S is U-minimal among those satisfying

$(K \setminus F) \cup E \cup prior \cup PTR^{cred} \cup \{\, \leftarrow O^+ \,\}$ is inconsistent. (2)

Example 10. For UP from Example 8 the new set of abducibles leads to additional insertion rules. Among others, the insertion rule for the new abducible Treat(Pete, Medi2) is $+Treat(Pete, Medi2) \leftarrow Treat(Pete, Medi2)$. With this new rule included in UP, we also obtain the solution of Example 4 where the fact Treat(Pete, Medi2) is inserted into K (together with deletion of Ill(Mary, Aids)).

Theorem 2 (Correctness for deletions & literal insertions). A knowledge base $K^{pub} = (K \setminus F) \cup E$ preserves confidentiality and changes K subset-minimally iff (E, F) is obtained by an answer set of program P that is U-minimal among those satisfying inconsistency property (2).

Proof. (Sketch) In UP, positive update atoms from $UA^+$ occur for literals on which the negative observations depend. For subset-minimal change, only these literals are relevant for insertions; inserting other literals will lead to non-minimal change. In analogy to Theorem 1, by the properties of minimal skeptical (anti-)explanations that correspond to U-minimal answer sets of an update program, we obtain a confidentiality-preserving $K^{pub}$ with minimal change.



6 Discussion and Conclusion 



This article showed that when publishing a logic program, confidentiality-preservation can be ensured by extended abduction; more precisely, we showed that under the credulous query response it reduces to finding skeptical anti-explanations with update programs. This is an application of data modification, because a user can be misled by the published knowledge base to believe incorrect information; we hence apply dishonesties as a security mechanism. This is in contrast to [16] whose aim is to avoid incorrect deductions while enforcing access control on a knowledge base. Another difference to [16] is that they do not allow disjunctions in rule heads; hence, to the best of our knowledge this article is the first one to handle a confidentiality problem for EDPs. In [3] the authors study databases that may provide users with incorrect answers to preserve security in a multi-user environment. Different from our approach, they consider a database as a set of formulas of propositional logic and formulate the problem using modal logic. In analogy to [12], a complexity analysis for our approach can be achieved by reduction of extended abduction to normal abduction. Work in progress covers data publishing for skeptical users; future work might handle insertion of non-literal rules.